SAS 70 Audits
SAS 70 Audits
Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 audit or examination is widely recognized, because it represents an in-depth audit of a service organization's control activities, which generally include controls over information technology and related processes. In today's global economy, service organizations or service providers are providing a variety of business process outsourcing (BPO) functions for their commercial and government customers. Quite often, through contract agreement or financial statement reporting purposes, these service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers.
One of the most effective ways a service organization can communicate information about its controls is through a Service Auditor's Report. There are two types of Service Auditor's Reports: Type I and Type II.
In a Type I report, the service auditor will express an opinion on (1) whether the service organization's description of its controls presents fairly, in all material respects, the relevant aspects of the service organization's controls that had been placed in operation as of a specific date, and (2) whether the controls were suitably designed to achieve specified control objectives. In a Type II report, the service auditor will express an opinion on the same items noted above in a Type I report, and (3) whether the controls that were tested were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the control objectives were achieved during the period specified.
Service organizations receive significant value from having a SAS 70 engagement performed. A Service Auditor's Report with an unqualified opinion that is issued by an Independent Accounting Firm differentiates the service organization from its peers by demonstrating the establishment of effectively designed control objectives and control activities. A Service Auditor's Report also helps a service organization build trust with its user organizations (i.e., customers).
Whether required by external customers, contract or agreement, we can assist you through the performance of a SAS 70 Audit. ML Weekes has experience performing both Type I and Type II audits and has a wide-range of experience on issues related to system compliance auditing and performing audits addressing the elements of the internal control structure, including; control environment factors, accounting system objectives and control procedures. Our current SAS 70 engagement team has an average experience level of 14 years in accounting and compliance.